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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )E] Responsive to communication(s) filed on 14 May 2007 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 21-25.27-31 and 33-37 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 21-25.27-31 and 33-37 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)S The drawing(s) filed on 01 November 2004 is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)Q Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. r . 

3) ^ Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date 7/23/07 . 6) □ Other: . 
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DETAILED ACTION 

1. Claims 21-25, 27-31, 33-37 are pending and presented for examination. Claims 1-20, 26, 
32 and 38 are cancelled. 

Response to Arguments 

2. Applicant's arguments with respect to claims 21-39 have been considered but are moot in 
view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

4. Claims 21-23, 27-29 and 33-35 rejected under 35 U.S.C. 103(a) as being anticipated by 
Sprigg et al. (Sprigg), U.S. PG-PUB 2003/0051 169 in view of Eskin et al. (Eskin), 7,162,741. 

Regarding claims 21, 27 and 33: Sprigg substantially teaches a method of defining 
rights for controlling access to one or more resources of a computer, comprising: 

receiving requests to access a resource from a process having a process path (paragraph 

0024); 
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receiving from the intrusion detection module, the description of the rights to access the 
resource by the process (paragraph 0025); 

building a resource access table based at least in part on the description of the rights to 
access the resource, the resource access table having an ordered list of entries specifying process 
paths of processes and rights to access resources by the processes (paragraph 0036-0039); and 

storing data the resource access table (paragraph 0036). 

Sprigg fails to disclose generating the resource access table by monitoring patterns in the 
requests. However, observing patters is common in the art of intrusion detection as 
demonstrated by Eskin. Eskin discloses an intrusion detection system that analyzes sequences of 
resource requests from an application and forms a normal pattern with which to produce a 
predictive probability (5:19-53). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to utilize intrusion detection techniques in combination with the invention of Sprigg in 
order to identify when an attack is being executed with respect to resource access as taught by 
Eskin (5:27-39). 

Regarding claims 22, 28 and 34: Eskin further discloses the resource access table 
comprising the process path of the process and a directory path identifying the resource that the 
process is allowed to access (5:53-6:38). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to utilize intrusion detection techniques in combination with the invention of Sprigg in 
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order to identify when an attack is being executed with respect to resource access as taught by 
Eskin (5:27-39). 

Regarding claims 23, 29 and 35: Sprigg further discloses including values associated 
with the directory path, the value describing a type of allowable resource to be accessed by the 
process (paragraph 003 8) . 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to utilize intrusion detection techniques in combination with the invention of Sprigg in 
order to identify when an attack is being executed with respect to resource access as taught by 
Eskin (5:27-39). 

5. Claims 24-25, 30-31, and 36-37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sprigg in view of Eskin as applied to claims 21, 27 and 33 above and further 
in view of Trabelsi, U.S. Patent Publication No. 2001/0056494 (hereinafter "Trabelsi"). 

Regarding claims 24, 30, and 36: Sprigg and Eskin fails to disclose storing the directory 
path comprises: representing the directory path using a meta-symbol. 

Trabelsi discloses that storing the directory path comprises: representing the directory 
path using a meta-symbol (Fig. 4 and [0042-0043]). 

Therefore, it would have been obvious to one skilled in the art at the time of the invention 
to modify Sprigg and Eskin by path storage as taught by Trabelsi in order to optimize access 
control (see Trabelsi [0083]). 

Regarding claims 25, 31, and 37: Sprigg and Eskin fail to disclose the meta symbol 
represents one or more items of information selected from the set consisting of: an identification 
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of a user of the process accessing the resource; a path wildcard; a directory wildcard; a character 
wildcard; and a portion of a name of the resource. 

Trabelsi discloses that the meta symbol represents one or more items of information 
selected from the set consisting of: an identification of a user of the process accessing the 
resource (Fig. 4, first row, and [0043]); a path wildcard (Fig. 4, last row, and [0043]); a directory 
wildcard (Fig. 4, last row, and [0043]); a character wildcard (Fig. 4, first row, and [0043]); and a 
portion of a name of the resource (Fig. 4, second row, and [0043]). 

Therefore it would have been obvious to one skilled in the art at the time of the invention 
to modify Sprigg and Eskin by path storage using groupings as taught by Trabelsi in order to 
facilitate access management {see Trabelsi [0044]). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kristin D. Sandoval whose telephone number is 571-272-7958. 
The examiner can normally be reached on Monday - Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Kristin D Sandoval 
Examiner 
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SUPERVISORY PATENT EXAMINER 
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